eBay security... whose updated their passwords?

tramcar trev

tramcar trev

all manner of mechanical apparatus...
Not sure if this is local or global none the less there could be dire implications.... Fortunately the hackers didn't get into pay-pal so they may well go on a spending spree but they cant pay for anything they buy....


eBay

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:
Go to eBay and change your password. Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:
As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
We are applying additional security to protect our customers.
We are working with law enforcement and leading security experts to aggressively investigate the matter.

Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.

We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Devin Wenig Signature
Devin Wenig
President, eBay Marketplaces
 
Yes, I've had that email which is genuine - but I've also had two spoof emails since the news broke - one supposedly from PayPal and one supposedly from eBay. The Paypal one looked very plausible but the eBay one was laughable - it began:

Dear Customer,
We're constantly working to make Ebay more safer, simpler and more convenient for our customers.
This means that from time to time we update all users informations.

I forwarded them to spoof@paypal.com and spoof@ebay.com, together with the email headers and received the info shown below.

I'm sure you're all internet savvy - but there are likely to be quite a few phishing emails coming through - the advice below is useful.

Rik


Hello,

Thanks for forwarding the suspicious email you received.

The email is a spoof, also known as a "phishing," email. (That's phishing, as in "fishing" for personal information.) It didn't come from eBay. Our Trust & Safety team is working to disable any websites it links to.

Copies of any emails we send you about the status of your account or a change in your account information will be displayed in My Messages.
This is especially helpful since many spoof emails try to convince you that your account is in jeopardy.

-- Important --
*Never* respond to a suspicious email or click any links in the email message. If you think you may have given out personal information in a spoof email or website, you need to take steps to protect your identity right away. For more information about what to do, go to:

http://pages.ebay.com/help/account/protecting-identity-theft.html

If you'd like to learn more about how to spot a spoof email and stay safe online, go to:

http://pages.ebay.com/help/tutorial/accountprotection/js_tutorial.html

Keep those reports coming -- you're helping protect the global Internet community! Our Trust & Safety team works closely with Internet Service Providers to shut down fraudulent sites. We also send your reports to Web browser companies so that they can develop tools to identify spoof sites.


Sincerely,
eBay Trust & Safety Team
 
Changed mine, though the automated email it should send was not working / very slow, so used the 'live chat' facility to get a droid to give the system a kick for me..

Two words to all who have an eBay account:
DO IT!
 
Three weeks back I got a message from Fleabay that they had locked my account due to 'unusual' activity on the selling side of my account. I checked and it did turn out to be locked.
I phoned them and they informed me that someone had 'appropriated' my log in details and had used my account to sell items (ebay had taken these items off after 'discovering' the problem).
I had to change my password. then (three weeks ago)

One day later (but about three weeks before the story broke on our news services and ebay had admitted a problem) I read, in a professional IT journal, about the hacks into ebay and other companies databases.
Ebay resolutely denied that their database was compromised .......but have now said that they knew of the problem for months!

I am glad that they acted fast on locking and clearing my account of 'counterfeit goods' BUT it was obviously because they were monitoring the account due to it being one of the ones that had been compromised due to the hack months earlier!

Never believe any company when they tell you that your account is totally safe (including encryption). Knowing what is possible with hacking, I am just waiting until Paypal get hacked...one bit of human error is all it needs.............scary
 
beavercreek said:
Never believe any company when they tell you that your account is totally safe (including encryption). Knowing what is possible with hacking, I am just waiting until Paypal get hacked...one bit of human error is all it needs.............scary
Click to expand...
Yep you can always tell when the company is up for sale; always gets a quick spruce up....
Paypal getting hacked has worried me for ages but an expert I know says they have better security than some banks.... I always maintain a $0 balance... I guess though if the hack paypal then they could access my card account, hard to know what info Paypal has on THEIR database.....
 
tramcar trev said:
Yep you can always tell when the company is up for sale; always gets a quick spruce up....
Paypal getting hacked has worried me for ages but an expert I know says they have better security than some banks.... I always maintain a $0 balance... I guess though if the hack paypal then they could access my card account, hard to know what info Paypal has on THEIR database.....
Click to expand...


I've wondered about the very same thing. How deep can the hacker go, once they are into your Paypal account?
 
Presumably if they managed to get full access to Paypal, in a worst case they could get at any bank accounts or cards which were linked to your Paypal account. That is why, for taking Paypal payments for my business, I have a separate simple bank account that I have the Paypal money transferred into, and from there I regularly (and manually, at the bank counter) transfer the funds over from that basic account to my business account. That way, Paypal do not have any of my business account details. It's still probably not 100%, because nothing is, but at least it's an extra level of "firewall" between by business account and any details that might be compromised if Paypal is ever seriously hacked.

As to the original question, yes - I changed my eBay password as soon as I heard about the situation on the radio news; took just a few moments to do.

Jon.
 
Madman said:
I've wondered about the very same thing. How deep can the hacker go, once they are into your Paypal account?
Click to expand...

As far as they want, provided they have the skills to access the different data paths. Presumably as they had managed to hack it in the first place, accessing details would not be a problem for them.

Although I have always embraced technology whole heartedly, I have, also, had a healthy wariness about databases and their vulnerability.

We are fast going to a system where there will only be online access (even if it is only an access terminal) to databases to pay, or get paid, for everyhting.
Bearing in mind the time that hackers put into their devious work, we are only small steps ahead of them in encryption etc.

Having said all this,.... I have four paypal accounts, two of which are associated with my businesses and the ease of transactions with their system is so good to use for clients. The pluses so far, outweigh the minus.......so far
 
Had same this morning change of password is mandatory
 
And in French, German and Italian as well - depending on what Ebay thinks you are or where, you sometimes get interesting langauge lessons .... ??? :-\
 
You have to get a code via email, text or 'phone. I've emailed twice without success, and a message to customer service about this received a reply saying they were sorry I was having difficulty signing in to PayPal and offering various remedies for this. I replied explaining that wasn't the problem and, so far, no reply to that. Meanwhile, I tried a text via landline and this worked (I'd forgotten our landline 'phone could handle texts by speaking them.)

Now to try the code from eBay.
 
changed mine,,, you just never know if the finger of doom will point towards you,,,
 
Last time I logged on I was told my a/c was locked, because an attempt to sign on was made, using my password :o , from an 'unusual location', displayed on a map as a mobile device in Chicago. I'm sure the hackers didn't guess my password.
 
I had trouble changing my password on "Sniper" to make sure it matched my new eBay password.... When I tried to change it I was redirected to some other site. Sent an email to Sniper and they said they had been hacked and were "invoking new vigorous security features" and would return to normal service ASAP.... back up now,,,, But the implications are horrendous a 3rd party could have sniped anything for me, even a biohazard suit to allow me to safely dismantle batteries....
 
You must log in or register to reply here.
Back
Top Bottom